@classytic/arc 2.9.1 → 2.10.3

package/dist/{index-CtGKT0lf.d.mts → index-DStwgFUK.d.mts}

@@ -1,6 +1,80 @@
-import { J as OpenApiSchemas, X as ParsedQuery, Xt as CrudRepository, _t as RouteSchemaOptions, c as ValidationResult, n as AdapterSchemaContext, o as RepositoryLike, r as DataAdapter, s as SchemaMetadata, tt as QueryParserInterface } from "./interface-YrWsmKqE.mjs";
+import { At as SchemaMetadata, Et as DataAdapter, Kt as QueryParserInterface, Tt as AdapterSchemaContext, Wt as ParsedQuery, gt as RouteSchemaOptions, jt as ValidationResult, kt as RepositoryLike, rt as OpenApiSchemas } from "./index-Cl0uoKd5.mjs";
 import { Model } from "mongoose";
+import { StandardRepo } from "@classytic/repo-core/repository";
 
+//#region src/adapters/drizzle.d.ts
+/**
+ * Minimum shape arc needs from a Drizzle column. Every SQLite, PG, and MySQL
+ * column in `drizzle-orm` exposes these via `getTableColumns(table)`. Held
+ * structurally so arc doesn't depend on `drizzle-orm` types.
+ */
+interface DrizzleColumnLike {
+  columnType?: string;
+  dataType?: "number" | "string" | "date" | "boolean" | "json" | "buffer" | "bigint" | "custom";
+  notNull?: boolean;
+  hasDefault?: boolean;
+  primary?: boolean;
+  enumValues?: readonly string[];
+  length?: number;
+  name?: string;
+}
+/**
+ * Structural Drizzle table — only requires `[Symbol.for('drizzle:Columns')]`,
+ * which every Drizzle table exposes. Matches `drizzle-orm`'s `Table` at
+ * runtime without importing it at compile time.
+ */
+type DrizzleTableLike = Record<symbol, Record<string, DrizzleColumnLike>> & {
+  [key: string]: unknown;
+};
+interface DrizzleAdapterOptions<TDoc = unknown> {
+  /** Drizzle table — used for schema introspection. */
+  table: DrizzleTableLike;
+  /** Repository implementing the repo-core contract. */
+  repository: StandardRepo<TDoc> | RepositoryLike<TDoc>;
+  /**
+   * External schema generator. When provided, replaces the built-in
+   * type-only conversion. Wire it to your kit's `buildCrudSchemasFromTable`
+   * (sqlitekit, pgkit, ...) to get the full CRUD schemas — strict
+   * additional-property control, field-rule application, param-type
+   * narrowing from primary-key columns, etc.
+   */
+  schemaGenerator?: (table: DrizzleTableLike, options?: RouteSchemaOptions, context?: AdapterSchemaContext) => OpenApiSchemas | Record<string, unknown>;
+  /** Optional name — defaults to "DrizzleAdapter". */
+  name?: string;
+}
+declare class DrizzleAdapter<TDoc = unknown> implements DataAdapter<TDoc> {
+  readonly type: "drizzle";
+  readonly name: string;
+  readonly table: DrizzleTableLike;
+  readonly repository: StandardRepo<TDoc> | RepositoryLike<TDoc>;
+  private readonly schemaGenerator?;
+  constructor(options: DrizzleAdapterOptions<TDoc>);
+  /**
+   * Introspect Drizzle columns into arc's schema metadata shape.
+   */
+  getSchemaMetadata(): SchemaMetadata;
+  /**
+   * Generate OpenAPI schemas. Delegates to the user-provided
+   * `schemaGenerator` when available (strongly recommended — that's where
+   * field rules, omit lists, and param-type narrowing live). The built-in
+   * fallback emits a permissive entity + CRUD body shape so routes still
+   * register when no generator is provided.
+   *
+   * After the kit generator runs, arc merges constraint-style field rules
+   * (`minLength`, `maxLength`, `min`, `max`, `pattern`, `enum`, `description`)
+   * into the resulting property schemas so sqlitekit / pgkit behave
+   * identically to mongoose here — rule-driven AJV constraints apply
+   * regardless of backend.
+   */
+  generateSchemas(schemaOptions?: RouteSchemaOptions, context?: AdapterSchemaContext): OpenApiSchemas | Record<string, unknown> | null;
+  healthCheck(): Promise<boolean>;
+}
+/**
+ * Factory — preferred construction style for symmetry with
+ * `createMongooseAdapter` / `createPrismaAdapter`.
+ */
+declare function createDrizzleAdapter<TDoc = unknown>(options: DrizzleAdapterOptions<TDoc>): DrizzleAdapter<TDoc>;
+//#endregion
 //#region src/adapters/mongoose.d.ts
 /**
  * Options for creating a Mongoose adapter.
@@ -12,7 +86,7 @@ interface MongooseAdapterOptions<TDoc = unknown> {
   /** Mongoose model instance — preserves document type for type safety */
   model: Model<TDoc>;
   /** Repository implementing CRUD operations - accepts any repository-like object */
-  repository: CrudRepository<TDoc> | RepositoryLike;
+  repository: StandardRepo<TDoc> | RepositoryLike<TDoc>;
   /**
    * External schema generator plugin for OpenAPI docs.
    * When provided, replaces the built-in basic type conversion.
@@ -40,7 +114,7 @@ declare class MongooseAdapter<TDoc = unknown> implements DataAdapter<TDoc> {
   readonly type: "mongoose";
   readonly name: string;
   readonly model: Model<TDoc>;
-  readonly repository: CrudRepository<TDoc> | RepositoryLike;
+  readonly repository: StandardRepo<TDoc> | RepositoryLike<TDoc>;
   private readonly schemaGenerator?;
   constructor(options: MongooseAdapterOptions<TDoc>);
   /**
@@ -79,7 +153,7 @@ declare class MongooseAdapter<TDoc = unknown> implements DataAdapter<TDoc> {
  * const adapter = createMongooseAdapter(ProductModel, productRepository);
  * ```
  */
-declare function createMongooseAdapter<TDoc = unknown>(model: Model<TDoc>, repository: CrudRepository<TDoc> | RepositoryLike): DataAdapter<TDoc>;
+declare function createMongooseAdapter<TDoc = unknown>(model: Model<TDoc>, repository: StandardRepo<TDoc> | RepositoryLike<TDoc>): DataAdapter<TDoc>;
 declare function createMongooseAdapter<TDoc = unknown>(options: MongooseAdapterOptions<TDoc>): DataAdapter<TDoc>;
 //#endregion
 //#region src/adapters/prisma.d.ts
@@ -205,7 +279,7 @@ interface PrismaAdapterOptions<TModel> {
   /** Model name (e.g., 'user', 'product') */
   modelName: string;
   /** Repository instance implementing CRUD operations */
-  repository: CrudRepository<TModel>;
+  repository: StandardRepo<TModel>;
   /** Optional: Prisma DMMF (Data Model Meta Format) for schema extraction */
   dmmf?: PrismaDmmf;
   /** Optional: Custom query parser (default: PrismaQueryParser) */
@@ -218,7 +292,7 @@ interface PrismaAdapterOptions<TModel> {
 declare class PrismaAdapter<TModel = unknown> implements DataAdapter<TModel> {
   readonly type: "prisma";
   readonly name: string;
-  readonly repository: CrudRepository<TModel>;
+  readonly repository: StandardRepo<TModel>;
   readonly queryParser: PrismaQueryParser;
   private client;
   private modelName;
@@ -266,4 +340,4 @@ declare class PrismaAdapter<TModel = unknown> implements DataAdapter<TModel> {
  */
 declare function createPrismaAdapter<TModel>(options: PrismaAdapterOptions<TModel>): PrismaAdapter<TModel>;
 //#endregion
-export { PrismaQueryParserOptions as a, MongooseAdapterOptions as c, PrismaQueryParser as i, createMongooseAdapter as l, PrismaAdapterOptions as n, createPrismaAdapter as o, PrismaQueryOptions as r, MongooseAdapter as s, PrismaAdapter as t };
+export { PrismaQueryParserOptions as a, MongooseAdapterOptions as c, DrizzleAdapterOptions as d, createDrizzleAdapter as f, PrismaQueryParser as i, createMongooseAdapter as l, PrismaAdapterOptions as n, createPrismaAdapter as o, PrismaQueryOptions as r, MongooseAdapter as s, PrismaAdapter as t, DrizzleAdapter as u };

package/dist/index.d.mts

@@ -1,10 +1,9 @@
-import { $t as DeleteResult, A as FastifyRequestExtras, At as BaseControllerOptions, B as IntrospectionData, Bt as IController, D as CrudSchemas, Dt as envelope, E as CrudRouterOptions, Et as ValidationResult$1, F as HealthCheck, G as MiddlewareConfig, H as JWTPayload, Ht as IRequestContext, I as HealthOptions, Jt as BulkWriteOperation, K as MiddlewareHandler, Kt as ResourceDefinition, L as InferAdapterDoc, M as FastifyWithDecorators, N as FieldRule, O as EventDefinition, P as GracefulShutdownOptions, Q as PresetFunction, Qt as DeleteOptions, R as InferDocType, Rt as ControllerLike, S as ConfigError, St as TypedResourceConfig, T as CrudRouteKey, Tt as ValidateOptions, Ut as RouteHandler, V as IntrospectionPluginOptions, Vt as IControllerResponse, Xt as CrudRepository, Y as OwnershipCheck, Yt as BulkWriteResult, Zt as DeleteManyResult, _ as ArcRequest, _n as PipelineStep, _t as RouteSchemaOptions, a as RelationMetadata, an as PaginationParams, at as RequestContext, bt as TypedController, c as ValidationResult, cn as RepositorySession, dn as Guard, et as PresetResult, fn as Interceptor, ft as ResourceMetadata, g as ArcInternalMetadata, gn as PipelineContext, hn as PipelineConfig, ht as RouteHandlerMethod, i as FieldMetadata, in as PaginatedResult, it as RegistryStats, j as FastifyWithAuth, kt as BaseController, ln as UpdateManyResult, lt as ResourceConfig, m as ApiResponse, mn as OperationFilter, nn as KeysetPaginatedResult, nt as RateLimitConfig, o as RepositoryLike, on as PaginationResult, ot as RequestIdOptions, p as AnyRecord, pn as NextFunction, qt as defineResource, r as DataAdapter, rn as OffsetPaginatedResult, rt as RegistryEntry, s as SchemaMetadata, sn as QueryOptions, st as RequestWithExtras, un as WriteOptions, vn as Transform, vt as ServiceContext, w as CrudController, wt as UserOrganization, xt as TypedRepository, y as AuthPluginOptions, z as InferResourceDoc } from "./interface-YrWsmKqE.mjs";
-import { a as applyFieldWritePermissions, i as applyFieldReadPermissions, n as FieldPermissionMap, o as fields, t as FieldPermission } from "./fields-BC7zcmI9.mjs";
-import { i as UserBase, n as PermissionContext, r as PermissionResult, t as PermissionCheck } from "./types-DZi1aYhm.mjs";
-import { l as createMongooseAdapter, o as createPrismaAdapter, s as MongooseAdapter, t as PrismaAdapter } from "./index-CtGKT0lf.mjs";
-import { C as MAX_REGEX_LENGTH, D as RESERVED_QUERY_PARAMS, E as MutationOperation, O as SYSTEM_FIELDS, S as MAX_FILTER_DEPTH, T as MUTATION_OPERATIONS, _ as DEFAULT_UPDATE_METHOD, a as getControllerScope, b as HookOperation, d as CrudOperation, f as DEFAULT_ID_FIELD, g as DEFAULT_TENANT_FIELD, h as DEFAULT_SORT, m as DEFAULT_MAX_LIMIT, p as DEFAULT_LIMIT, s as defineResourceVariants, u as CRUD_OPERATIONS, v as HOOK_OPERATIONS, w as MAX_SEARCH_LENGTH, x as HookPhase, y as HOOK_PHASES } from "./index-Cibkchnx.mjs";
-import { C as authenticated, D as publicRead, E as presets_d_exports, O as publicReadAdminWrite, S as adminOnly, T as ownerWithAdminBypass, _ as requireScopeContext, a as allOf, c as createDynamicPermissionMatrix, d as requireAuth, f as requireOrgInScope, g as requireRoles, h as requireOwnership, k as readOnly, l as createOrgPermissions, m as requireOrgRole, n as DynamicPermissionMatrix, o as allowPublic, p as requireOrgMembership, r as DynamicPermissionMatrixConfig, s as anyOf, u as denyAll, v as requireServiceScope, w as fullPublic, x as when, y as requireTeamMembership } from "./index-C-xjcA6F.mjs";
-import { a as NotFoundError, d as ValidationError, f as createDomainError, i as ForbiddenError, t as ArcError, u as UnauthorizedError } from "./errors-BI8kEKsO.mjs";
+import { a as applyFieldWritePermissions, c as PermissionCheck, d as UserBase, i as applyFieldReadPermissions, l as PermissionContext, n as FieldPermissionMap, o as fields, t as FieldPermission, u as PermissionResult } from "./fields-Lo1VUDpt.mjs";
+import { $ as CrudSchemas, At as SchemaMetadata, B as FastifyWithDecorators, Bt as ArcInternalMetadata, C as ResourceMetadata, Ct as RouteHandler, D as HealthOptions, Dt as FieldMetadata, E as HealthCheck, Et as DataAdapter, Ft as OperationFilter, G as ResourceDefinition, H as RequestWithExtras, It as PipelineConfig, Jt as ServiceContext, K as defineResource, Lt as PipelineContext, Mt as Guard, Nt as Interceptor, O as IntrospectionPluginOptions, Ot as RelationMetadata, Pt as NextFunction, Q as CrudRouteKey, R as FastifyRequestExtras, Rt as PipelineStep, S as RegistryStats, St as IRequestContext, T as GracefulShutdownOptions, Ut as OwnershipCheck, V as MiddlewareHandler, Z as CrudController, _ as ConfigError, _n as UserOrganization, b as IntrospectionData, bt as IController, d as InferAdapterDoc, dn as AnyRecord, et as EventDefinition, f as InferDocType, fn as ApiResponse, g as TypedResourceConfig, gt as RouteSchemaOptions, h as TypedRepository, it as PresetFunction, j as AuthPluginOptions, jt as ValidationResult, k as RequestIdOptions, kt as RepositoryLike, lt as ResourceConfig, m as TypedController, mn as JWTPayload, n as BaseController, nt as MiddlewareConfig, ot as PresetResult, p as InferResourceDoc, pn as ArcRequest, qt as RequestContext, r as BaseControllerOptions, st as RateLimitConfig, t as RouteHandlerMethod, tt as FieldRule, u as PaginationResult, v as ValidateOptions, vn as envelope, vt as ControllerLike, w as CrudRouterOptions, x as RegistryEntry, xt as IControllerResponse, y as ValidationResult$1, z as FastifyWithAuth, zt as Transform } from "./index-Cl0uoKd5.mjs";
+import { l as createMongooseAdapter, o as createPrismaAdapter, s as MongooseAdapter, t as PrismaAdapter } from "./index-DStwgFUK.mjs";
+import { C as MAX_REGEX_LENGTH, D as RESERVED_QUERY_PARAMS, E as MutationOperation, O as SYSTEM_FIELDS, S as MAX_FILTER_DEPTH, T as MUTATION_OPERATIONS, _ as DEFAULT_UPDATE_METHOD, a as getControllerScope, b as HookOperation, d as CrudOperation, f as DEFAULT_ID_FIELD, g as DEFAULT_TENANT_FIELD, h as DEFAULT_SORT, m as DEFAULT_MAX_LIMIT, p as DEFAULT_LIMIT, s as defineResourceVariants, u as CRUD_OPERATIONS, v as HOOK_OPERATIONS, w as MAX_SEARCH_LENGTH, x as HookPhase, y as HOOK_PHASES } from "./index-8qw4y6ff.mjs";
+import { A as requireRoles, C as allOf, E as denyAll, M as when, O as requireAuth, S as createOrgPermissions, T as anyOf, a as presets_d_exports, c as readOnly, d as requireOrgRole, f as requireScopeContext, i as ownerWithAdminBypass, k as requireOwnership, l as requireOrgInScope, m as requireTeamMembership, n as authenticated, o as publicRead, p as requireServiceScope, r as fullPublic, s as publicReadAdminWrite, t as adminOnly, u as requireOrgMembership, v as DynamicPermissionMatrix, w as allowPublic, x as createDynamicPermissionMatrix, y as DynamicPermissionMatrixConfig } from "./index-ChIw3776.mjs";
+import { a as NotFoundError, d as ValidationError, f as createDomainError, i as ForbiddenError, t as ArcError, u as UnauthorizedError } from "./errors-CCSsMpXE.mjs";
 import { AsyncLocalStorage } from "node:async_hooks";
 import { RouteHandlerMethod as RouteHandlerMethod$1 } from "fastify";
 
@@ -253,4 +252,4 @@ declare function arcLog(module: string): ArcLogger;
 //#region src/index.d.ts
 declare const version: string;
 //#endregion
-export { type ValidationResult as AdapterValidationResult, type AnyRecord, type ApiResponse, ArcError, type ArcInternalMetadata, type ArcLogWriter, type ArcLogger, type ArcLoggerOptions, type ArcRequest, type AuthPluginOptions, BaseController, type BaseControllerOptions, type BulkWriteOperation, type BulkWriteResult, CRUD_OPERATIONS, type ConfigError, type ControllerLike, type CrudController, CrudOperation, type CrudRepository, type CrudRouteKey, type CrudRouterOptions, type CrudSchemas, DEFAULT_ID_FIELD, DEFAULT_LIMIT, DEFAULT_MAX_LIMIT, DEFAULT_SORT, DEFAULT_TENANT_FIELD, DEFAULT_UPDATE_METHOD, type DataAdapter, type DeleteManyResult, type DeleteOptions, type DeleteResult, type DynamicPermissionMatrix, type DynamicPermissionMatrixConfig, type EventDefinition, type FastifyRequestExtras, type FastifyWithAuth, type FastifyWithDecorators, type FieldMetadata, type FieldPermission, type FieldPermissionMap, type FieldRule, ForbiddenError, type GracefulShutdownOptions, type Guard, HOOK_OPERATIONS, HOOK_PHASES, type HealthCheck, type HealthOptions, HookOperation, HookPhase, type IController, type IControllerResponse, type IRequestContext, type InferAdapterDoc, type InferDocType, type InferResourceDoc, type Interceptor, type IntrospectionData, type IntrospectionPluginOptions, type JWTPayload, type KeysetPaginatedResult, MAX_FILTER_DEPTH, MAX_REGEX_LENGTH, MAX_SEARCH_LENGTH, MUTATION_OPERATIONS, type MiddlewareConfig, MongooseAdapter, MutationOperation, type NamedMiddleware, NotFoundError, type OffsetPaginatedResult, type OwnershipCheck, type PaginatedResult, type PaginationParams, type PaginationResult, type PermissionCheck, type PermissionContext, type PermissionResult, type PipelineConfig, type PipelineContext, type PipelineStep, type PresetFunction, type PresetResult, PrismaAdapter, type QueryOptions, RESERVED_QUERY_PARAMS, type RateLimitConfig, type RegistryEntry, type RegistryStats, type RelationMetadata, type RepositoryLike, type RepositorySession, type RequestContext, type RequestIdOptions, type RequestStore, type RequestWithExtras, type ResourceConfig, ResourceDefinition, type ResourceMetadata, type RouteHandler, type RouteHandlerMethod, type RouteSchemaOptions, SYSTEM_FIELDS, type SchemaMetadata, type ServiceContext, type Transform, type TypedController, type TypedRepository, type TypedResourceConfig, UnauthorizedError, type UpdateManyResult, type UserBase, type UserOrganization, type ValidateOptions, ValidationError, type ValidationResult$1 as ValidationResult, type WriteOptions, adminOnly, allOf, allowPublic, anyOf, applyFieldReadPermissions, applyFieldWritePermissions, arcLog, assertValidConfig, authenticated, configureArcLogger, createDomainError, createDynamicPermissionMatrix, createMongooseAdapter, createOrgPermissions, createPrismaAdapter, defineResource, defineResourceVariants, denyAll, envelope, fields, formatValidationErrors, fullPublic, getControllerScope, guard, intercept, middleware, ownerWithAdminBypass, presets_d_exports as permissions, pipe, publicRead, publicReadAdminWrite, readOnly, requestContext, requireAuth, requireOrgInScope, requireOrgMembership, requireOrgRole, requireOwnership, requireRoles, requireScopeContext, requireServiceScope, requireTeamMembership, sortMiddlewares, transform, validateResourceConfig, version, when };
+export { type ValidationResult as AdapterValidationResult, type AnyRecord, type ApiResponse, ArcError, type ArcInternalMetadata, type ArcLogWriter, type ArcLogger, type ArcLoggerOptions, type ArcRequest, type AuthPluginOptions, BaseController, type BaseControllerOptions, CRUD_OPERATIONS, type ConfigError, type ControllerLike, type CrudController, CrudOperation, type CrudRouteKey, type CrudRouterOptions, type CrudSchemas, DEFAULT_ID_FIELD, DEFAULT_LIMIT, DEFAULT_MAX_LIMIT, DEFAULT_SORT, DEFAULT_TENANT_FIELD, DEFAULT_UPDATE_METHOD, type DataAdapter, type DynamicPermissionMatrix, type DynamicPermissionMatrixConfig, type EventDefinition, type FastifyRequestExtras, type FastifyWithAuth, type FastifyWithDecorators, type FieldMetadata, type FieldPermission, type FieldPermissionMap, type FieldRule, ForbiddenError, type GracefulShutdownOptions, type Guard, HOOK_OPERATIONS, HOOK_PHASES, type HealthCheck, type HealthOptions, HookOperation, HookPhase, type IController, type IControllerResponse, type IRequestContext, type InferAdapterDoc, type InferDocType, type InferResourceDoc, type Interceptor, type IntrospectionData, type IntrospectionPluginOptions, type JWTPayload, MAX_FILTER_DEPTH, MAX_REGEX_LENGTH, MAX_SEARCH_LENGTH, MUTATION_OPERATIONS, type MiddlewareConfig, MongooseAdapter, MutationOperation, type NamedMiddleware, NotFoundError, type OwnershipCheck, type PaginationResult, type PermissionCheck, type PermissionContext, type PermissionResult, type PipelineConfig, type PipelineContext, type PipelineStep, type PresetFunction, type PresetResult, PrismaAdapter, RESERVED_QUERY_PARAMS, type RateLimitConfig, type RegistryEntry, type RegistryStats, type RelationMetadata, type RepositoryLike, type RequestContext, type RequestIdOptions, type RequestStore, type RequestWithExtras, type ResourceConfig, ResourceDefinition, type ResourceMetadata, type RouteHandler, type RouteHandlerMethod, type RouteSchemaOptions, SYSTEM_FIELDS, type SchemaMetadata, type ServiceContext, type Transform, type TypedController, type TypedRepository, type TypedResourceConfig, UnauthorizedError, type UserBase, type UserOrganization, type ValidateOptions, ValidationError, type ValidationResult$1 as ValidationResult, adminOnly, allOf, allowPublic, anyOf, applyFieldReadPermissions, applyFieldWritePermissions, arcLog, assertValidConfig, authenticated, configureArcLogger, createDomainError, createDynamicPermissionMatrix, createMongooseAdapter, createOrgPermissions, createPrismaAdapter, defineResource, defineResourceVariants, denyAll, envelope, fields, formatValidationErrors, fullPublic, getControllerScope, guard, intercept, middleware, ownerWithAdminBypass, presets_d_exports as permissions, pipe, publicRead, publicReadAdminWrite, readOnly, requestContext, requireAuth, requireOrgInScope, requireOrgMembership, requireOrgRole, requireOwnership, requireRoles, requireScopeContext, requireServiceScope, requireTeamMembership, sortMiddlewares, transform, validateResourceConfig, version, when };

package/dist/index.mjs

@@ -1,14 +1,13 @@
-import { a as DEFAULT_SORT, c as HOOK_OPERATIONS, d as MAX_REGEX_LENGTH, f as MAX_SEARCH_LENGTH, h as SYSTEM_FIELDS, i as DEFAULT_MAX_LIMIT, l as HOOK_PHASES, m as RESERVED_QUERY_PARAMS, n as DEFAULT_ID_FIELD, o as DEFAULT_TENANT_FIELD, p as MUTATION_OPERATIONS, r as DEFAULT_LIMIT, s as DEFAULT_UPDATE_METHOD, t as CRUD_OPERATIONS, u as MAX_FILTER_DEPTH } from "./constants-Cxde4rpC.mjs";
-import { a as createMongooseAdapter, i as MongooseAdapter, r as createPrismaAdapter, t as PrismaAdapter } from "./adapters-BBqAVvPK.mjs";
-import { t as BaseController } from "./BaseController-Vu2yc56T.mjs";
-import { envelope } from "./types/index.mjs";
-import { n as applyFieldWritePermissions, r as fields, t as applyFieldReadPermissions } from "./fields-CU6FlaDV.mjs";
-import { d as createDomainError, i as NotFoundError, l as UnauthorizedError, r as ForbiddenError, t as ArcError, u as ValidationError } from "./errors-CqWnSqM-.mjs";
-import { t as requestContext } from "./requestContext-DYtmNpm5.mjs";
-import { a as validateResourceConfig, f as getControllerScope, i as formatValidationErrors, m as pipe, n as defineResource, r as assertValidConfig, t as ResourceDefinition } from "./defineResource-C__jkwvs.mjs";
-import { C as publicRead, S as presets_exports, T as readOnly, _ as when, a as createOrgPermissions, b as fullPublic, c as requireOrgInScope, d as requireOwnership, f as requireRoles, h as requireTeamMembership, i as createDynamicPermissionMatrix, l as requireOrgMembership, m as requireServiceScope, n as allowPublic, o as denyAll, p as requireScopeContext, r as anyOf, s as requireAuth, t as allOf, u as requireOrgRole, v as adminOnly, w as publicReadAdminWrite, x as ownerWithAdminBypass, y as authenticated } from "./permissions-oNZawnkR.mjs";
-import { t as defineResourceVariants } from "./core-DNncu0xF.mjs";
-import { n as configureArcLogger, t as arcLog } from "./logger-CDjpjySd.mjs";
+import { a as createMongooseAdapter, i as MongooseAdapter, r as createPrismaAdapter, t as PrismaAdapter } from "./adapters-BXY4i-hw.mjs";
+import { a as DEFAULT_SORT, c as HOOK_OPERATIONS, d as MAX_REGEX_LENGTH, f as MAX_SEARCH_LENGTH, h as SYSTEM_FIELDS, i as DEFAULT_MAX_LIMIT, l as HOOK_PHASES, m as RESERVED_QUERY_PARAMS, n as DEFAULT_ID_FIELD, o as DEFAULT_TENANT_FIELD, p as MUTATION_OPERATIONS, r as DEFAULT_LIMIT, s as DEFAULT_UPDATE_METHOD, t as CRUD_OPERATIONS, u as MAX_FILTER_DEPTH } from "./constants-BhY1OHoH.mjs";
+import { t as BaseController } from "./BaseController-CbKKIflT.mjs";
+import { t as envelope } from "./types-Csi3FLfq.mjs";
+import { n as applyFieldWritePermissions, r as fields, t as applyFieldReadPermissions } from "./fields-bxkeltzz.mjs";
+import { d as createDomainError, i as NotFoundError, l as UnauthorizedError, r as ForbiddenError, t as ArcError, u as ValidationError } from "./errors-D5c-5BJL.mjs";
+import { t as requestContext } from "./requestContext-xHIKedG6.mjs";
+import { a as formatValidationErrors, h as pipe, i as assertValidConfig, n as ResourceDefinition, o as validateResourceConfig, p as getControllerScope, r as defineResource, t as defineResourceVariants } from "./core-CcR01lup.mjs";
+import { C as requireAuth, D as when, T as requireRoles, _ as requireTeamMembership, a as presets_exports, b as anyOf, c as readOnly, d as createOrgPermissions, f as requireOrgInScope, g as requireServiceScope, h as requireScopeContext, i as ownerWithAdminBypass, m as requireOrgRole, n as authenticated, o as publicRead, p as requireOrgMembership, r as fullPublic, s as publicReadAdminWrite, t as adminOnly, u as createDynamicPermissionMatrix, v as allOf, w as requireOwnership, x as denyAll, y as allowPublic } from "./permissions-Dk6mshja.mjs";
+import { n as configureArcLogger, t as arcLog } from "./logger-DLg8-Ueg.mjs";
 //#region src/middleware/middleware.ts
 /**
 * Named Middleware — Priority-based, conditional middleware execution.
@@ -128,6 +127,6 @@ function transform(name, handlerOrOptions) {
 }
 //#endregion
 //#region src/index.ts
-const version = "2.9.1";
+const version = "2.10.3";
 //#endregion
 export { ArcError, BaseController, CRUD_OPERATIONS, DEFAULT_ID_FIELD, DEFAULT_LIMIT, DEFAULT_MAX_LIMIT, DEFAULT_SORT, DEFAULT_TENANT_FIELD, DEFAULT_UPDATE_METHOD, ForbiddenError, HOOK_OPERATIONS, HOOK_PHASES, MAX_FILTER_DEPTH, MAX_REGEX_LENGTH, MAX_SEARCH_LENGTH, MUTATION_OPERATIONS, MongooseAdapter, NotFoundError, PrismaAdapter, RESERVED_QUERY_PARAMS, ResourceDefinition, SYSTEM_FIELDS, UnauthorizedError, ValidationError, adminOnly, allOf, allowPublic, anyOf, applyFieldReadPermissions, applyFieldWritePermissions, arcLog, assertValidConfig, authenticated, configureArcLogger, createDomainError, createDynamicPermissionMatrix, createMongooseAdapter, createOrgPermissions, createPrismaAdapter, defineResource, defineResourceVariants, denyAll, envelope, fields, formatValidationErrors, fullPublic, getControllerScope, guard, intercept, middleware, ownerWithAdminBypass, presets_exports as permissions, pipe, publicRead, publicReadAdminWrite, readOnly, requestContext, requireAuth, requireOrgInScope, requireOrgMembership, requireOrgRole, requireOwnership, requireRoles, requireScopeContext, requireServiceScope, requireTeamMembership, sortMiddlewares, transform, validateResourceConfig, version, when };

package/dist/integrations/event-gateway.d.mts

@@ -1,4 +1,4 @@
-import { n as DomainEvent } from "../EventTransport-CqZ8FyM_.mjs";
+import { n as DomainEvent } from "../EventTransport-CUw5NNWe.mjs";
 import { WebSocketClient, WebSocketMessage } from "./websocket.mjs";
 import { FastifyPluginAsync, FastifyRequest } from "fastify";
 

package/dist/integrations/event-gateway.mjs

@@ -4,7 +4,7 @@ const eventGatewayPluginImpl = async (fastify, opts = {}) => {
 	const { auth = true, orgScoped = false, roomPolicy, maxMessageBytes, maxSubscriptionsPerClient, authenticate } = opts;
 	if (auth && !authenticate && !fastify.hasDecorator("authenticate")) throw new Error("[arc-event-gateway] auth is true but fastify.authenticate is not registered. Register an auth plugin first, provide a custom authenticate function, or set auth: false.");
 	if (opts.sse !== false) {
-		const { default: ssePlugin } = await import("../sse-CJpt7LGI.mjs").then((n) => n.r);
+		const { default: ssePlugin } = await import("../sse-yBCgOLGu.mjs").then((n) => n.r);
 		await fastify.register(ssePlugin, {
 			path: opts.sse?.path ?? "/events/stream",
 			requireAuth: auth,

package/dist/integrations/index.d.mts

@@ -1,7 +1,7 @@
 import { WebSocketClient, WebSocketMessage, WebSocketPluginOptions } from "./websocket.mjs";
 import { EventGatewayOptions } from "./event-gateway.mjs";
 import { JobDefinition, JobDispatchOptions, JobDispatcher, JobMeta, JobsPluginOptions, QueueStats } from "./jobs.mjs";
-import { c as McpResourceConfig, f as ToolAnnotations, i as CrudOperation, l as PromptDefinition, m as ToolDefinition, n as CallToolResult, o as McpAuthResult, p as ToolContext, r as CreateMcpServerConfig, s as McpPluginOptions, t as BetterAuthHandler } from "../types-CoSzA-s-.mjs";
+import { c as McpResourceConfig, f as ToolAnnotations, i as CrudOperation, l as PromptDefinition, m as ToolDefinition, n as CallToolResult, o as McpAuthResult, p as ToolContext, r as CreateMcpServerConfig, s as McpPluginOptions, t as BetterAuthHandler } from "../types-Btdda02s.mjs";
 import { StreamlinePluginOptions, WorkflowLike, WorkflowRunLike } from "./streamline.mjs";
 import { WebhookDeliveryRecord, WebhookManager, WebhookPluginOptions, WebhookStore, WebhookSubscription } from "./webhooks.mjs";
 export { type BetterAuthHandler, type CallToolResult, type CreateMcpServerConfig, type CrudOperation, type EventGatewayOptions, type JobDefinition, type JobDispatchOptions, type JobDispatcher, type JobMeta, type JobsPluginOptions, type McpAuthResult, type McpPluginOptions, type McpResourceConfig, type PromptDefinition, type QueueStats, type StreamlinePluginOptions, type ToolAnnotations, type ToolContext, type ToolDefinition, type WebSocketClient, type WebSocketMessage, type WebSocketPluginOptions, type WebhookDeliveryRecord, type WebhookManager, type WebhookPluginOptions, type WebhookStore, type WebhookSubscription, type WorkflowLike, type WorkflowRunLike };

package/dist/integrations/mcp/index.d.mts

@@ -1,5 +1,5 @@
-import { Kt as ResourceDefinition } from "../../interface-YrWsmKqE.mjs";
-import { a as McpAuthResolver, c as McpResourceConfig, d as SessionEntry, f as ToolAnnotations, i as CrudOperation, l as PromptDefinition, m as ToolDefinition, n as CallToolResult, o as McpAuthResult, p as ToolContext, r as CreateMcpServerConfig, s as McpPluginOptions, t as BetterAuthHandler, u as PromptResult } from "../../types-CoSzA-s-.mjs";
+import { G as ResourceDefinition } from "../../index-Cl0uoKd5.mjs";
+import { a as McpAuthResolver, c as McpResourceConfig, d as SessionEntry, f as ToolAnnotations, i as CrudOperation, l as PromptDefinition, m as ToolDefinition, n as CallToolResult, o as McpAuthResult, p as ToolContext, r as CreateMcpServerConfig, s as McpPluginOptions, t as BetterAuthHandler, u as PromptResult } from "../../types-Btdda02s.mjs";
 import { FastifyPluginAsync } from "fastify";
 import { z } from "zod";
 

package/dist/integrations/mcp/index.mjs

@@ -1,4 +1,4 @@
-import { n as fieldRulesToZod, r as createMcpServer, t as resourceToTools } from "../../resourceToTools-C3cWymnW.mjs";
+import { n as fieldRulesToZod, r as createMcpServer, t as resourceToTools } from "../../resourceToTools-BElv3xPT.mjs";
 import { createHash, randomUUID } from "node:crypto";
 import fp from "fastify-plugin";
 //#region src/integrations/mcp/defineTool.ts

package/dist/integrations/mcp/testing.d.mts

@@ -1,4 +1,4 @@
-import { o as McpAuthResult, s as McpPluginOptions } from "../../types-CoSzA-s-.mjs";
+import { o as McpAuthResult, s as McpPluginOptions } from "../../types-Btdda02s.mjs";
 
 //#region src/integrations/mcp/testing.d.ts
 interface TestMcpClientOptions {

package/dist/integrations/mcp/testing.mjs

@@ -1,4 +1,4 @@
-import { r as createMcpServer, t as resourceToTools } from "../../resourceToTools-C3cWymnW.mjs";
+import { r as createMcpServer, t as resourceToTools } from "../../resourceToTools-BElv3xPT.mjs";
 //#region src/integrations/mcp/testing.ts
 /**
 * @classytic/arc/mcp/testing — MCP Test Utilities

package/dist/interface-D218ikEo.d.mts

@@ -0,0 +1,77 @@
+//#region src/cache/interface.d.ts
+/**
+ * Cache Store Interface — aligned with `@classytic/repo-core/cache.CacheAdapter`.
+ *
+ * Arc's cache layer speaks the same `get / set(ttlSeconds?) / del / clear(pattern?)`
+ * transport-level contract published by `@classytic/repo-core`. One Redis
+ * implementation drops into Arc's `QueryCache`, mongokit's cache plugin,
+ * sqlitekit's cache plugin, and every future kit without wrapper shims.
+ *
+ * Arc extends the bare adapter with two optional observability fields —
+ * `name` (for diagnostics) and `stats()` (for the response-cache plugin) —
+ * that are opt-in: consumers implementing only `CacheAdapter` still
+ * structurally satisfy `CacheStore`, so a raw repo-core adapter plugs
+ * directly into Arc.
+ *
+ * ## TTL unit
+ *
+ * `ttlSeconds`, not milliseconds. Matches Redis (`SET … EX seconds`) which
+ * is the dominant backend. `0` or `undefined` means no expiry; implementations
+ * may apply their own default.
+ *
+ * ## Not-found semantics
+ *
+ * `get()` returns `undefined` on miss / expired. Matches repo-core.
+ *
+ * ## Sync-or-async
+ *
+ * Method returns are `Promise<T> | T` — in-memory `Map` adapters can be
+ * synchronous; Redis adapters are async. Consumers always `await`, so
+ * sync values just short-circuit the microtask.
+ */
+interface CacheLogger {
+  warn(message: string, ...args: unknown[]): void;
+  error(message: string, ...args: unknown[]): void;
+}
+interface CacheStats {
+  /** Number of entries currently stored */
+  entries: number;
+  /** Estimated memory usage in bytes (-1 if unavailable) */
+  memoryBytes: number;
+  /** Cache hit count since creation */
+  hits: number;
+  /** Cache miss count since creation */
+  misses: number;
+  /** Number of entries evicted since creation */
+  evictions: number;
+}
+interface CacheStore<TValue = unknown> {
+  /** Store name for logs/diagnostics. Optional to match repo-core's bare `CacheAdapter`. */
+  readonly name?: string;
+  /**
+   * Get a value by key. Returns `undefined` when not found or expired.
+   */
+  get(key: string): Promise<TValue | undefined> | TValue | undefined;
+  /**
+   * Store a value with optional TTL (seconds). `0` or `undefined` means
+   * no expiry; implementations may apply a default.
+   */
+  set(key: string, value: TValue, ttlSeconds?: number): Promise<void> | void;
+  /**
+   * Delete a single key. No-op when the key doesn't exist.
+   */
+  delete(key: string): Promise<void> | void;
+  /**
+   * Invalidate keys matching a glob pattern (typically `prefix:*`), or
+   * every key when `pattern` is omitted.
+   *
+   * Optional — simpler adapters that can't enumerate keys (some KV stores)
+   * may omit this and rely on TTL for eventual consistency. Consumers that
+   * need strict invalidation must check for its presence: `store.clear?.(pattern)`.
+   */
+  clear?(pattern?: string): Promise<void> | void;
+  /** Cache statistics for observability. Optional. */
+  stats?(): CacheStats;
+}
+//#endregion
+export { CacheStats as n, CacheStore as r, CacheLogger as t };

package/dist/{memory-BFAYkf8H.mjs → memory-B5Amv9A1.mjs}

@@ -11,7 +11,7 @@ var memory_exports = /* @__PURE__ */ __exportAll({ MemoryCacheStore: () => Memor
 var MemoryCacheStore = class {
 	name = "memory-cache";
 	cache = /* @__PURE__ */ new Map();
-	defaultTtlMs;
+	defaultTtlSeconds;
 	maxEntries;
 	maxEntryBytes;
 	maxMemoryBytes;
@@ -23,7 +23,7 @@ var MemoryCacheStore = class {
 	_misses = 0;
 	_evictions = 0;
 	constructor(options = {}) {
-		this.defaultTtlMs = options.defaultTtlMs ?? 6e4;
+		this.defaultTtlSeconds = options.defaultTtlSeconds ?? 60;
 		this.maxEntries = clamp(options.maxEntries ?? 1e3, 1, 1e5);
 		this.maxEntryBytes = clamp(options.maxEntryBytes ?? 256 * 1024, 1024, 10 * 1024 * 1024);
 		this.maxMemoryBytes = options.maxMemoryBytes ?? 50 * 1024 * 1024;
@@ -49,9 +49,10 @@ var MemoryCacheStore = class {
 		this._hits++;
 		return entry.value;
 	}
-	async set(key, value, options = {}) {
-		const ttlMs = options.ttlMs ?? this.defaultTtlMs;
-		if (!Number.isFinite(ttlMs) || ttlMs <= 0) return;
+	async set(key, value, ttlSeconds) {
+		const effectiveTtlSeconds = ttlSeconds ?? this.defaultTtlSeconds;
+		if (!Number.isFinite(effectiveTtlSeconds) || effectiveTtlSeconds <= 0) return;
+		const ttlMs = effectiveTtlSeconds * 1e3;
 		const size = this.estimateSize(value);
 		if (size > this.maxEntryBytes) {
 			this.logger.warn(`[MemoryCacheStore] Skipping oversized entry for key '${key}' (${size} bytes > ${this.maxEntryBytes} bytes)`);
@@ -75,9 +76,14 @@ var MemoryCacheStore = class {
 		const entry = this.cache.get(key);
 		if (entry) this.removeEntry(key, entry);
 	}
-	async clear() {
-		this.cache.clear();
-		this.currentBytes = 0;
+	async clear(pattern) {
+		if (pattern === void 0) {
+			this.cache.clear();
+			this.currentBytes = 0;
+			return;
+		}
+		const regex = globToRegExp(pattern);
+		for (const [key, entry] of this.cache) if (regex.test(key)) this.removeEntry(key, entry);
 	}
 	async close() {
 		clearInterval(this.cleanupTimer);
@@ -134,5 +140,14 @@ var MemoryCacheStore = class {
 function clamp(value, min, max) {
 	return Math.min(max, Math.max(min, value));
 }
+/**
+* Translate a glob pattern (`prefix:*`, `*:tag:v`) into a regex. Only `*`
+* is honoured; other regex metachars are escaped so patterns can't inject
+* alternation/lookahead.
+*/
+function globToRegExp(pattern) {
+	const escaped = pattern.replace(/[.+?^${}()|[\]\\]/g, "\\$&").replace(/\*/g, ".*");
+	return new RegExp(`^${escaped}$`);
+}
 //#endregion
 export { memory_exports as n, MemoryCacheStore as t };

package/dist/{openapi-CXuTG1M9.mjs → openapi-B5F8AddX.mjs}

@@ -1,6 +1,6 @@
-import { t as getUserRoles } from "./types-ZUu_h0jp.mjs";
+import { t as getUserRoles } from "./types-DV9WDfeg.mjs";
 import { n as convertRouteSchema } from "./schemaConverter-BxFDdtXu.mjs";
-import { t as buildActionBodySchema } from "./createActionRouter-DH1YFL9m.mjs";
+import { t as buildActionBodySchema } from "./createActionRouter-Bp_5c_2b.mjs";
 import fp from "fastify-plugin";
 //#region src/docs/openapi.ts
 const openApiPlugin = async (fastify, opts = {}) => {

package/dist/org/index.d.mts

@@ -1,5 +1,5 @@
-import { Ut as RouteHandler } from "../interface-YrWsmKqE.mjs";
-import { i as UserBase } from "../types-DZi1aYhm.mjs";
+import { d as UserBase } from "../fields-Lo1VUDpt.mjs";
+import { Ct as RouteHandler } from "../index-Cl0uoKd5.mjs";
 import { InvitationAdapter, InvitationDoc, MemberDoc, OrgAdapter, OrgDoc, OrgPermissionStatement, OrgRole, OrganizationPluginOptions } from "./types.mjs";
 import { FastifyPluginAsync, RouteHandlerMethod } from "fastify";
 

package/dist/permissions/index.d.mts

@@ -1,4 +1,3 @@
-import { a as applyFieldWritePermissions, i as applyFieldReadPermissions, n as FieldPermissionMap, o as fields, r as FieldPermissionType, s as resolveEffectiveRoles, t as FieldPermission } from "../fields-BC7zcmI9.mjs";
-import { a as getUserRoles, i as UserBase, n as PermissionContext, o as normalizeRoles, r as PermissionResult, t as PermissionCheck } from "../types-DZi1aYhm.mjs";
-import { A as RoleHierarchy, C as authenticated, D as publicRead, E as presets_d_exports, M as applyPermissionResult, N as normalizePermissionResult, O as publicReadAdminWrite, S as adminOnly, T as ownerWithAdminBypass, _ as requireScopeContext, a as allOf, b as roles, c as createDynamicPermissionMatrix, d as requireAuth, f as requireOrgInScope, g as requireRoles, h as requireOwnership, i as PermissionEventBus, j as createRoleHierarchy, k as readOnly, l as createOrgPermissions, m as requireOrgRole, n as DynamicPermissionMatrix, o as allowPublic, p as requireOrgMembership, r as DynamicPermissionMatrixConfig, s as anyOf, t as ConnectEventsOptions, u as denyAll, v as requireServiceScope, w as fullPublic, x as when, y as requireTeamMembership } from "../index-C-xjcA6F.mjs";
-export { ConnectEventsOptions, DynamicPermissionMatrix, DynamicPermissionMatrixConfig, FieldPermission, FieldPermissionMap, FieldPermissionType, PermissionCheck, PermissionContext, PermissionEventBus, PermissionResult, RoleHierarchy, UserBase, adminOnly, allOf, allowPublic, anyOf, applyFieldReadPermissions, applyFieldWritePermissions, applyPermissionResult, authenticated, createDynamicPermissionMatrix, createOrgPermissions, createRoleHierarchy, denyAll, fields, fullPublic, getUserRoles, normalizePermissionResult, normalizeRoles, ownerWithAdminBypass, presets_d_exports as permissions, publicRead, publicReadAdminWrite, readOnly, requireAuth, requireOrgInScope, requireOrgMembership, requireOrgRole, requireOwnership, requireRoles, requireScopeContext, requireServiceScope, requireTeamMembership, resolveEffectiveRoles, roles, when };
+import { a as applyFieldWritePermissions, c as PermissionCheck, d as UserBase, f as getUserRoles, i as applyFieldReadPermissions, l as PermissionContext, n as FieldPermissionMap, o as fields, p as normalizeRoles, r as FieldPermissionType, s as resolveEffectiveRoles, t as FieldPermission, u as PermissionResult } from "../fields-Lo1VUDpt.mjs";
+import { A as requireRoles, C as allOf, D as not, E as denyAll, M as when, N as applyPermissionResult, O as requireAuth, P as normalizePermissionResult, S as createOrgPermissions, T as anyOf, _ as ConnectEventsOptions, a as presets_d_exports, b as PermissionEventBus, c as readOnly, d as requireOrgRole, f as requireScopeContext, g as createRoleHierarchy, h as RoleHierarchy, i as ownerWithAdminBypass, j as roles, k as requireOwnership, l as requireOrgInScope, m as requireTeamMembership, n as authenticated, o as publicRead, p as requireServiceScope, r as fullPublic, s as publicReadAdminWrite, t as adminOnly, u as requireOrgMembership, v as DynamicPermissionMatrix, w as allowPublic, x as createDynamicPermissionMatrix, y as DynamicPermissionMatrixConfig } from "../index-ChIw3776.mjs";
+export { ConnectEventsOptions, DynamicPermissionMatrix, DynamicPermissionMatrixConfig, FieldPermission, FieldPermissionMap, FieldPermissionType, PermissionCheck, PermissionContext, PermissionEventBus, PermissionResult, RoleHierarchy, UserBase, adminOnly, allOf, allowPublic, anyOf, applyFieldReadPermissions, applyFieldWritePermissions, applyPermissionResult, authenticated, createDynamicPermissionMatrix, createOrgPermissions, createRoleHierarchy, denyAll, fields, fullPublic, getUserRoles, normalizePermissionResult, normalizeRoles, not, ownerWithAdminBypass, presets_d_exports as permissions, publicRead, publicReadAdminWrite, readOnly, requireAuth, requireOrgInScope, requireOrgMembership, requireOrgRole, requireOwnership, requireRoles, requireScopeContext, requireServiceScope, requireTeamMembership, resolveEffectiveRoles, roles, when };

package/dist/permissions/index.mjs

@@ -1,5 +1,5 @@
-import { i as resolveEffectiveRoles, n as applyFieldWritePermissions, r as fields, t as applyFieldReadPermissions } from "../fields-CU6FlaDV.mjs";
-import { n as normalizeRoles, t as getUserRoles } from "../types-ZUu_h0jp.mjs";
-import { n as normalizePermissionResult, t as applyPermissionResult } from "../applyPermissionResult-bqGpo9ML.mjs";
-import { C as publicRead, E as createRoleHierarchy, S as presets_exports, T as readOnly, _ as when, a as createOrgPermissions, b as fullPublic, c as requireOrgInScope, d as requireOwnership, f as requireRoles, g as roles, h as requireTeamMembership, i as createDynamicPermissionMatrix, l as requireOrgMembership, m as requireServiceScope, n as allowPublic, o as denyAll, p as requireScopeContext, r as anyOf, s as requireAuth, t as allOf, u as requireOrgRole, v as adminOnly, w as publicReadAdminWrite, x as ownerWithAdminBypass, y as authenticated } from "../permissions-oNZawnkR.mjs";
-export { adminOnly, allOf, allowPublic, anyOf, applyFieldReadPermissions, applyFieldWritePermissions, applyPermissionResult, authenticated, createDynamicPermissionMatrix, createOrgPermissions, createRoleHierarchy, denyAll, fields, fullPublic, getUserRoles, normalizePermissionResult, normalizeRoles, ownerWithAdminBypass, presets_exports as permissions, publicRead, publicReadAdminWrite, readOnly, requireAuth, requireOrgInScope, requireOrgMembership, requireOrgRole, requireOwnership, requireRoles, requireScopeContext, requireServiceScope, requireTeamMembership, resolveEffectiveRoles, roles, when };
+import { i as resolveEffectiveRoles, n as applyFieldWritePermissions, r as fields, t as applyFieldReadPermissions } from "../fields-bxkeltzz.mjs";
+import { n as normalizeRoles, t as getUserRoles } from "../types-DV9WDfeg.mjs";
+import { n as normalizePermissionResult, t as applyPermissionResult } from "../applyPermissionResult-QhV1Pa-g.mjs";
+import { C as requireAuth, D as when, E as roles, S as not, T as requireRoles, _ as requireTeamMembership, a as presets_exports, b as anyOf, c as readOnly, d as createOrgPermissions, f as requireOrgInScope, g as requireServiceScope, h as requireScopeContext, i as ownerWithAdminBypass, l as createRoleHierarchy, m as requireOrgRole, n as authenticated, o as publicRead, p as requireOrgMembership, r as fullPublic, s as publicReadAdminWrite, t as adminOnly, u as createDynamicPermissionMatrix, v as allOf, w as requireOwnership, x as denyAll, y as allowPublic } from "../permissions-Dk6mshja.mjs";
+export { adminOnly, allOf, allowPublic, anyOf, applyFieldReadPermissions, applyFieldWritePermissions, applyPermissionResult, authenticated, createDynamicPermissionMatrix, createOrgPermissions, createRoleHierarchy, denyAll, fields, fullPublic, getUserRoles, normalizePermissionResult, normalizeRoles, not, ownerWithAdminBypass, presets_exports as permissions, publicRead, publicReadAdminWrite, readOnly, requireAuth, requireOrgInScope, requireOrgMembership, requireOrgRole, requireOwnership, requireRoles, requireScopeContext, requireServiceScope, requireTeamMembership, resolveEffectiveRoles, roles, when };